CVSS Score of 10 (low)


Published Jul 12, 2023
Updated: Nov 7, 2023


CVE-2023-3168 is a vulnerability in the WP Reroute Email plugin for WordPress, affecting versions up to and including 1.4.9. The vulnerability arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts into pages. This means that whenever a user accesses an injected page, the injected scripts will execute. The vulnerability has a CVSS score of 6.1, indicating a medium severity level. It has been categorized as CWE-79, which refers to improper neutralization of input during web page generation (cross-site scripting). There are 63 recorded instances of this vulnerability, and it affects multiple products within the affected_products list. To remediate this vulnerability, users should update their WP Reroute Email plugin to a version that includes the necessary security patches. The potential danger posed to organizations is significant as it enables attackers to execute malicious scripts, potentially leading to the compromise of sensitive information or unauthorized access within affected WordPress websites utilizing the vulnerable plugin version.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-3168 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options